Explore Chrome's open-source distributed fuzzer, Clusterfuzz, in this 32-minute conference talk from nullcon Goa 2015. Gain insights into how Clusterfuzz utilizes over 3000 cores to fuzz Chrome across various platforms, discovering security vulnerabilities in real-time with reproducible test cases. Delve into detailed statistics on bug types found in Chrome and learn about the challenges of distributed fuzzing. Discover how to run your own fuzzers on the Clusterfuzz infrastructure and potentially earn Chrome bounties for uncovered bugs. The presentation covers Clusterfuzz's architectural overview, crash automation and management, fuzzer types and examples, code coverage analysis, memory debugging tools, and the process of reproducing and minimizing test cases. Additionally, learn about real-time regression fixes and the Findit tool for identifying culprit CLs.
Overview
Syllabus
Intro
About me!
Solution: ClusterFuzz
ClusterFuzz: Architectural Ove
Crash Automation & Mana
Fuzzers: What infrastructure
Testcase Duplication Chec
Fuzzers: Types
Generation based fuzzers: Exa
Mutation Based Fuzzers: Examp
V8 Bounds check removal b
Evolutionary Fuzzers
Code Coverage: Platforms
Code Coverage: Aggregate View
Code Coverage: fuzzer_utils
Memory Debugging Tools: Exa
Scale, Scale and Scale
Fully reproducible & minimiz
Custom Minimizers
Resource Minimization
Tool Settings Correction: ASAN ex
Real-time regression and fixe
Findit: Culprit CL Finder
Findit: How it works
Testcase Report
Patched + Verified: 1 day
Taught by
nullcon
